This is the mail archive of the ecos-bugs@sourceware.org mailing list for the eCos project.



[Bug 1000376] ATHTTPD security Authorization parse can overrun memory


https://bugzilla.ecoscentric.com/show_bug.cgi?id=1000376





------- Additional Comments From bugzilla_rmvthis@ds3switch.com  2007-06-15 21:36 -------
> I will stop when a '\r', a '\n' or a ' ' is found. Isn't it
> correct to assume that one of those three characters will always
> terminate the argument to the "Basic" header?

I think it's a bit optimistic to expect a browser, net-stacks and the bored Chinese teenager will always end with a character we expect.

> brings up another problem which I did not think about before:...
> Should we decree that the total, encoded length of the
> login/password string can never be more than 32 characters

Have no idea, but seems like encoded pwd/name could go to >32 so maybe that unless it's a hassle.
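
The point raised in this comment, as an added example that is not part of the original message and is not ATHTTPD's code: a token copy that is bounded by both the received length and the destination size, so a missing '\r', '\n' or ' ' cannot cause an overrun. The names `copy_basic_token` and `MAX_ENCODED_LEN` are hypothetical, and the value 32 is only the figure floated in the thread, used here as an assumption.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical cap: the thread floats 32 encoded characters as a limit. */
#define MAX_ENCODED_LEN 32

/*
 * Copy the base64 token that follows "Basic " into out, NUL-terminated.
 * src/src_len are the bytes after "Basic " exactly as received; src does
 * not have to be NUL-terminated and does not have to contain a terminator.
 * Returns the token length, or -1 if the token is empty or does not fit.
 */
int copy_basic_token(const char *src, size_t src_len,
                     char *out, size_t out_size)
{
    size_t i;

    if (src == NULL || out == NULL || out_size == 0)
        return -1;

    for (i = 0; i < src_len; i++) {
        char c = src[i];

        if (c == '\r' || c == '\n' || c == ' ' || c == '\0')
            break;                  /* one of the expected terminators */
        if (i + 1 >= out_size) {    /* no room for this byte plus the NUL */
            out[0] = '\0';
            return -1;              /* reject instead of truncating */
        }
        out[i] = c;
    }
    out[i] = '\0';                  /* i < out_size is guaranteed here */
    return i > 0 ? (int)i : -1;
}
```

Rejecting an over-long token, rather than truncating it, avoids authenticating against a prefix of what the client actually sent.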



